HAProxy loses function after WAN IP-address change

[liver007]

Hi there, My name is Jeen ทางเข้าufabet
i am using the current 17.7.8 release and have some problems with haproxy, which is used to access some ufabet
surveillance cameras over https (port 7443). because i don't want ssl warnings due to the self-signed certificate of the surveillance-server, i use haproxy with the letsencrypt certificate of the opnsense itself to access the video system. my ISP resets my internet connection (PPPoE) every 24 hours, everytime a new ip address is assigned, so i use an own dyndns-service (updates every minute "opnsense.example.tld"). the both needed frontends are listening to opnsense.example.com:7443 and :7446, which is working fine until the wan ip address changes. after then, the video services are not reachable (timeout) until haproxy is disabled and enabled again (restart via lobby does not work), which in my opinion is caused by not automatically updating the frontend listener address with the newly assigned ip on ip change.

is there any way to fix or circumvent that ?

[fraenki]

is there any way to fix or circumvent that ?

Yes: do not bind HAProxy to your WAN IP. Instead, bind HAProxy to a local IP and use a NAT port forward to redirect traffic from your WAN interface to your local HAProxy IP.


Regards
- Frank

[Vaseer]

I was looking in HAProxy and can not find option to bind it to local IP. How/where can I do this?

[fraenki]

I was looking in HAProxy and can not find option to bind it to local IP. How/where can I do this?

for os-haproxy < 2.0
HAProxy -> Settings -> Frontends -> Edit ->  Listen Addresses

for os-haproxy >= 2.0
HAProxy -> Settings -> Virtual Services -> Public Services -> Edit ->  Listen Addresses


Regards
- Frank